Creating a Message Security Provider
To create a new message security provider, follow these steps.
- In the Admin Console tree component, expand the Configurations node.
- Select the instance to configure:
  - To configure a particular instance, select the instance's config node. For example, for the default instance, server, select the server-config node.
  - To configure the default settings for all instances, select the default-config node.
- Expand the Security node.
- Select the Message Security node.
- Select the node for the Authentication Layer on which to place the message security provider, for example, SOAP.
- From the Edit Message Security Configuration page, select the Providers tab.
- On the Provider Configuration page, click New.
- In the Provider Config section of the Create a Provider Configuration page, enter the following:
  - Default Provider – Check the box beside this field to make the new message security provider the default for this server.
  - Provider Type – Select client, server, or client-server to establish whether the provider is to be used as a client authentication provider, a server authentication provider, or both (a client-server provider). The default value is client-server.
  - Provider ID – Enter a provider configuration identifier in the Admin Console tree.
  - Class Name – Enter the Java implementation class of the provider. Client authentication providers must implement the com.sun.xml.wss.provider.ClientSecurityAuthModule interface. Server-side providers must implement the com.sun.xml.wss.provider.ServerSecurityAuthModule interface. A provider may implement both interfaces, but it must implement the interface corresponding to its provider type.
- In the Request Policy section of the Create a Provider Configuration page, enter the following values, if needed. These properties are optional, but if they are not specified, no authentication is applied to request messages.
  - Authentication Source – Select sender, content, or null (the blank option) to require message-layer sender authentication (for example, user name and password) or content authentication (for example, a digital signature) of request messages, or to require neither. When null is specified, source authentication of the request is not required.
  - Authentication Recipient – Select beforeContent or afterContent to define a requirement for message-layer authentication of the receiver of the request message to its sender (for example, by XML encryption). When the value is not specified, it defaults to afterContent.
- In the Response Policy section of the Create a Provider Configuration page, enter the following values, if needed. These properties are optional, but if they are not specified, no authentication is applied to response messages.
  - Authentication Source – Select sender, content, or null (the blank option) to require message-layer sender authentication (for example, user name and password) or content authentication (for example, a digital signature) of response messages, or to require neither. When null is specified, source authentication of the response is not required.
  - Authentication Recipient – Select beforeContent or afterContent to define a requirement for message-layer authentication of the receiver of the response message to its sender (for example, by XML encryption). When the value is not specified, it defaults to afterContent.
- Add additional properties by clicking the Add Property button. The provider that is shipped with the Application Server supports the property listed below. Other providers may require their own properties; in that case, review that provider's documentation for more information on its properties and valid values.
  - server.config – The directory and file name of an XML file that contains the server configuration information. For the default provider, this value is install_dir/domains/domain_dir/config/wss-server-config.xml.
- Click OK to save this configuration, or click Cancel to quit without saving.
Equivalent asadmin command: create-message-security-provider
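The following added example (not from the original page) prints the asadmin command line that corresponds to the console steps above, after checking each value against the choices the steps list. The option names are assumed from the asadmin reference for this subcommand, so confirm them with `asadmin create-message-security-provider --help` on your release; the provider ID and class name are hypothetical.

```shell
# Added example (not from the original page). Prints, without running it, the
# asadmin command for one SOAP-layer provider after checking every value
# against the choices listed in the steps above.

one_of() {                      # one_of VALUE CHOICE...
  v=$1; shift
  for c in "$@"; do [ "$v" = "$c" ] && return 0; done
  return 1
}

fail() { echo "error: $*" >&2; }

# build_provider_cmd ID CLASS TYPE REQ_SRC REQ_RCPT RESP_SRC RESP_RCPT
# Pass "" for a policy value to leave it unset (the blank option).
build_provider_cmd() {
  id=$1; class=$2; type=${3:-client-server}   # page default: client-server
  req_src=$4; req_rcpt=$5; resp_src=$6; resp_rcpt=$7

  [ -n "$id" ] && [ -n "$class" ] || { fail "provider ID and class name are required"; return 2; }
  # Keep the printed line safe to paste: no spaces or shell metacharacters.
  case "$id$class" in *[!A-Za-z0-9._-]*) fail "unexpected character in ID or class"; return 2;; esac
  one_of "$type" client server client-server || { fail "provider type: $type"; return 2; }
  for s in "$req_src" "$resp_src"; do
    [ -z "$s" ] || one_of "$s" sender content || { fail "auth source: $s"; return 2; }
  done
  for r in "$req_rcpt" "$resp_rcpt"; do
    [ -z "$r" ] || one_of "$r" beforeContent afterContent || { fail "auth recipient: $r"; return 2; }
  done
  # A blank request source means source authentication is not required.
  [ -n "$req_src" ] || echo "warning: $id does not require source authentication of requests" >&2

  cmd="asadmin create-message-security-provider --layer SOAP"
  cmd="$cmd --providertype $type --classname $class"
  [ -z "$req_src" ]   || cmd="$cmd --requestauthsource $req_src"
  [ -z "$req_rcpt" ]  || cmd="$cmd --requestauthrecipient $req_rcpt"
  [ -z "$resp_src" ]  || cmd="$cmd --responseauthsource $resp_src"
  [ -z "$resp_rcpt" ] || cmd="$cmd --responseauthrecipient $resp_rcpt"
  echo "$cmd $id"
}

# Constructed sample: MyServerProvider and com.example.MyServerAuthModule are
# hypothetical names, not values from the page.
build_provider_cmd MyServerProvider com.example.MyServerAuthModule server \
  content "" content beforeContent
```

The function only prints the command, so the line can be reviewed before it is run against a domain.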
See also:
- Creating a Message Security Configuration
- Editing a Message Security Configuration
- Deleting a Message Security Configuration
- Deleting a Message Security Provider